
HC3 Raises Concern Over KillNet DDoS Attacks Targeting Healthcare Sector

HC3 again warned the healthcare sector of the ongoing threat posed by the KillNet hacktivist group, whose biggest DDoS strike affected over 90 organizations in January 2023.


By Sarai Rodriguez

In just a few months since its emergence in 2022, pro-Russia hacktivist group KillNet has quickly evolved into a significant threat to the healthcare sector by executing distributed denial-of-service (DDoS) attacks, the Health Sector Cybersecurity Coordination Center alerted in its most recent analyst note.

“Their signature DDoS attacks on critical infrastructure sectors typically only cause service outages lasting several hours or even days,” HC3 noted. “However, the range of consequences from these attacks on the United States health and public health (HPH) sector can be significant, threatening routine to critical day-to-day operations.”

Outages can have severe consequences: they can interrupt patient care, lead to patient data loss, and disrupt communication between healthcare providers.

KillNet and its affiliates launched coordinated DDoS attacks on healthcare organizations in the US and several NATO countries around January 28, 2023, in retaliation for support of Ukraine.

Although many activist groups refrain from targeting healthcare organizations, KillNet began launching DDoS attacks in December 2022, primarily focusing on healthcare organizations. Although DDoS attacks are not usually associated with significant damage, they can cause prolonged service outages and disruptions that threaten essential patient care operations.

In late January, KillNet conducted its most significant wave of DDoS attacks to date, targeting over 90 healthcare organizations across states. Of the targets, 55 percent were healthcare systems with at least one hospital, including lone hospitals with Level I trauma centers. Patients receiving care within these facilities could be significantly impacted by the outages resulting from these attacks.

Although the frequency of DDoS attacks appears to have decreased since March, it is likely that further attacks will occur, HC3 stated.

“Few incidents in the HPH sector have been attributed to KillNet this month, with the exception of a DDoS attack on a laboratory, blood, and pharmaceutical sub-industry organization,” the analyst note indicated. “While little to no content on their Telegram channel could be found that indicated a targeting of the sector, one information security publication unveiled a campaign that had gone previously unnoticed.”

On March 17, 2023, Microsoft reported that KillNet had been targeting healthcare applications on Azure infrastructure for the past three months, with 31 percent of the attacks on pharmaceutical and life sciences firms, 26 percent on hospitals, 16 percent on health insurance providers, and 16 percent on health services and care. While Transmission Control Protocol (TCP) was the primary attack vector for DDoS attacks in 2022, 53 percent of the attacks on healthcare utilized User Datagram Protocol (UDP) floods, while 44 percent used TCP.

Protecting an organization from cyber threat groups like KillNet cannot be achieved by a single cybersecurity protection. Nevertheless, healthcare organizations should proactively take several measures to mitigate DDoS attacks.

One solution offered was to utilize Identity Management (IdM) programs, which can be used by healthcare employees to proactively protect themselves from KillNet’s and other hacktivists’ reconnaissance techniques that gather victim identity information.